EVMs – Let Us Trust But Also Verify

Only 20 countries out of 120 democratic nations in the world use EVMs (Electronic Voting Machines) and another 6 countries are still doing pilot studies.

USA, one of the largest democracies in the world, uses a combination of direct voting machines to read the vote marked on ballot papers, as well as ballot papers. In the USA, direct vote-recording machines are used in 27 states, while 15 states use machines with paper audit trail machines.

Bharat, another largest democracy, has switched over to EVMs since 2004. The Bharatiya EVMs are stand-alone machines whereas voting machines in the USA are connected to a server and operate using the internet, making them vulnerable to cyber attacks. Against the backdrop of allegations of hacking of the 2016 US presidential elections, the Congress last year had earmarked $380 million to secure servers and systems in the country.

Netherlands, Ireland, Italy, England and Germany have banned the usage of EVMs due to various reasons like- lack of transparency, lack of trust, difficulty in managing EVMs, expensive technology, not fitting into the constitutional guidelines etc.

VVPATs (Voter Verifiable Paper Audit Trail) were first used in Goa elections in Bharat in the year 2017. A VVPAT is intended as an independent verification system for voting machines designed to allow voters to verify that their vote was cast correctly, to detect possible election fraud or malfunction, and to provide a means to audit the stored electronic results.

It contains the name of the candidate (for whom vote has been cast) and symbol of the party/individual candidate. The VVPAT slip is displayed to the voter for seven seconds after which the VVPAT machine cuts it and drops in into the storage box with a beep. Estonia with a population of just 1.3 million became the first country in the world in 2005 to have mandatory electronic voting using the Internet. In Estonia in March 2019 parliamentary elections, around 44 % of the votes were cast online.

EVMs used in Bharat can record a maximum of 3840 votes and can cater up to 64 candidates. There is provision for 16 candidates in a single balloting unit and up to a maximum of 4 units can be connected in parallel. The conventional ballot paper/box method of polling is used if the number of candidates exceeds 64. 

Bharat has given technical support related to the EVM to Jordan, Maldives, Namibia, Egypt, Bhutan and Nepal. Bhutan, Nepal and Namibia are using Electronic Voting Machines made in Bharat.

Types of voting systems

(i) Paper Ballots that are hand counted

(ii) Machine-readable Paper Ballots that are scanned and electronically counted using Optical Mark Recognition (OMR) technology.

(iii) Direct Recording Electronic Voting Machines (DREs) or ‘paperless EVMs’

(iv) Direct Recording Electronic Voting Machines with Voter Verified Paper Audit Trail (DRE-VVPAT)

(v) Internet-based Voting or Online Voting.

Bharat started the process of changeover from paper ballots that are hand counted to Direct Recording Electronic Voting Machines in 1999 and in the current parliament elections in 2019 started using Direct Recording Electronic Voting Machines with Voter Verified Paper Audit Trail.

Machine-readable Paper Ballots that are scanned and electronically counted using Optical Mark Recognition (OMR) technology have the advantages of the paper ballot system and at the same time avoid delays associated with hand counting as they use OMR technology. The totals are verified by running the ballots through a second OMR counting machine simultaneously. They also have a cross verification procedure by hand counting a certain percentage of the ballots for confirmation. Several States in the US follow this practice.

Direct Recording Electronic Voting Machines (DREs) or ‘paperless EVMs’ suffer from the lack of transparency and verifiability whereas Direct Recording Electronic Voting Machines with Voter Verified Paper Audit Trail (DRE-VVPAT) provide the opportunity to the voter to verify himself if his vote has been recorded correctly by viewing the VVPAT display.

Advantages of VVPATs

  1. It gives confidence to the voter that his vote has been correctly registered.
  2. It provides scope for recounting.
  3. Reconciliation of the VVPATs with the machine counted votes.
  4. Back up or fall back mechanism when there is malfunction of the machine and loss of data of machine counted votes.

Internet-based Voting or Online Voting is highly vulnerable to hacking and cyber attacks.

There have been instances of glitches in EVMs and VVPAT machines in the current ongoing parliament elections in Bharat in 2019. In 2013, the Supreme Court passed an order mandating the use of VVPAT EVMs, and directed the ECI to implement them in a phased manner.

Earlier under the ECI guidelines only the VVPAT slips from one EVM in every Assembly segment/constituency was subjected to physical verification. On 7th April, 2019 responding to the petition filed by 21 opposition political parties the Supreme Court has directed the ECI to increase the random checking of VVPAT slips to 5 EVMs per assembly constituency or assembly segment in each parliamentary seat in general elections in 2019.

On 23rd April, 2019 the 21 opposition political parties have filed a review petition in the Supreme Court for counting of at least 50% of VVPAT slips.

The ECI had said that a 50% random physical verification of VVPATs would delay Lok Sabha poll results of 2019 by six whole days. Quoting a March 22, 2019 report of the Indian Statistical Institute, which had said that a sample verification of 479 EVMs and VVPATs out of a total 10.35 lakh machine would lift public confidence to 99.9936%.

ECI said sample verification of VVPAT slips of one EVM per assembly constituency will result in sample verification of 4,125 EVMs and VVPATs for the April-May, 2019 Lok Sabha polls, which is 8.6 times the sample size recommended in the Indian Statistical Institute report.

The Supreme Court ruling on 7th April, 2019 which directs ECI to increase the VVPATs counting to 5 EVMs per assembly constituency will result in VVPATs counting of 20,625 EVMs. Around 16 lakh EVMs with VVPATs are expected to be in use for this parliament elections during April-May, 2019 in Bharat. The sample verification of VVPATs counting of 20,625 EVMs works out to 1.29% of the total EVMs used in the elections.

Therefore, counting of VVPATs of even 5 EVMs per assembly constituency may not be adequate. Also the sample size determination which was originally based on the report of Indian Statistical Institute suffers from the following limitations.

Sample size determination is done based on the total EVMs used in the elections in the country, which is purely a quantitative exercise and ignores the following crucial quantitative and qualitative factors, viz.,

(i) EVMs used in each state which differs from state to state.

(ii) Polling percentage which is not uniform in each polling booth.

(iii) Influence of local/regional factors in polling patterns of the people.

(iv) Winning margin may be very narrow in certain constituencies.

A sample chosen should contain all the attributes or features of the total population so that it reflects a miniature of all the characteristics of the total population. In other words the sample size of VVPATs of 5 EVMs per assembly constituency does not take into account the above mentioned three important factors that are both quantitative and qualitative.

Therefore, the appropriate sampling methodology should be based on the following steps-

  • Consider the total polling stations in each state as the criteria (i.e., population) to determine the total sample size of polling stations to be taken for VVPATs counting.
  •  The above total sample size of polling stations in each state to be further split into samples for each district based on (i) the proportion of the polling stations  in each district, (ii) classification of polling stations based on the percentage of votes polled in each polling station, (iii) No. of polling stations where the winning margin is very small (say 50 to 60 considering the 1200 as the maximum voters per booth on an average)

The stratified random sampling methodology mentioned above would be more realistic and scientifically acceptable in a country like Bharat that has diverse features as explained earlier.

Tampering or hacking of EVMs

ECI claims our EVMs cannot be hacked as they are stand alone and non networked machines (i.e., not connected to internet). This contention of ECI is not totally correct since there have been instances of technology frauds/ tampering of electronic machines or equipments even though they operate on stand alone basis if the hackers can access such machines physically and either replace few parts or attach some extra devise and embed them with bluetooth device or Trojan that makes remote access possible.

Such remote access can even lead to transfer of certain number or percentage of votes from the winning contestant to the next leading contestant. This Trojan can remain dormant till the elections, be activated during the elections to steal votes, and be made to ‘disappear’ after elections. Physical access to EVMs for hacking as mentioned above is possible at various stages as under-

  1. Chip making stage
  2. Assembling of EVMs
  3. Transportation of manufactured EVMs to centralized location.
  4. Storage of manufactured EVMs at centralized location.
  5. Transportation and installation of EVMs at polling stations.
  6. First level checks or mock run of EVMs during the elections.  
  7. Repairs and maintenance of EVMs.

Needless to mention that such hacking is possible when there are gaps in the systems and controls either with or without the connivance of the internal staff of the concerned entity/ organization by the hackers from outside. Even though ECI can exercise greater control on EVMs at the stages mentioned in 4, 5 and 6, there cannot be absolute zero possibility of hacking at any of the seven stages mentioned above.

Counting of VVPAT slips can detect the above mentioned hacking. The voting data stored in the electronic memory of the EVM’s Control Unit is even though in encrypted form, it is not clear whether it is also cryptographically protected.

According to technology experts, cryptography offers greater protection than encryption and therefore, there is a need for the technology experts and ECI to look into this area for further enhancement of security features.

Selectively omitting the names of small groups of voters – by community, caste or locality, for example – can play havoc on polling day. This is alleged to have been the modus operandi of Russian interference in the 2016 U.S Presidential Election. About 30 EVMs were made available in a ‘Voting Village’ to professional hackers for the first time in the 25 DEFCON (annual) Conference held in July 2017 at Los Vegas, USA.

The hackers broke into the US voting machines within 90 minutes and it was found that the EVMs were vulnerable for hacking lending credence to the theory that Russians had used hacking techniques to influence the 2016 US Presidential election.

The Election Commission of India (ECI) conducted a ‘Hackathon’ in June 2017 in which the participants were not allowed to open the EVMs but could use a combination of keys on EVMs or communication devices such as cell phones and Bluetooth to tamper with the machines to change the results. Most Bharatiya political parties boycotted this event stating the conditions imposed by the ECI were unfair.

The feasibility of reverse engineering firmware (i.e., permanent software programmed into a read only memory) even though it is ‘burnt’ into the CPU has been recognised by the U.S Court of Appeals, Ninth Circuit, in the case of “Syntek Semiconductor Co., (Taiwan) versus Microchip Technology Inc., (USA)” in April 2002. Thus the ‘unreadable and unalterable’ secret firmware is also not a fool proof security feature as claimed by the ECI. Incidentally Bharatiya EVMs use micro chips manufactured in US or Japan since Bharat does not have the capability to produce the same.

According to an article dated December 12, 2017 in The Wire and titled “RTI Response raises serious questions about Security, Handling of EVMs”, the ECI has admitted to at least 70 cases of theft of EVMs across three States – Chhattisgarh, Gujarat and Madhya Pradesh – over successive elections. Till date, no one has been convicted for theft of EVMs.

The RTI reply also revealed that there was a very big discrepancy between the number of EVMs that were manufactured by ECIL and BEL and those actually procured by the ECI with no satisfactory explanation as to what happened to the ‘missing’ EVMs.

According to the RTI responses, Electronics Corporation of India said it had manufactured 1,97,368 more control units and 3,55,747 more ballot units than those disclosed by the EC. This shows that there is no proper system in place for periodic reconciliation. There was also no satisfactory reply to the question as to how the old EVMs were disposed of. So the possibility of large numbers of EVMs being out there in the wrong hands cannot be ruled out.

The ECI has issued instructions only in October 2017 for tightening security in warehouses including installation of CCTVs. However, the successful implementation of these instructions depends on the effective control measures adopted by respective state governments where these EVMs are stored.

The ECI claims that the post-2013 third generation (M3) EVMs have certain new features for (i) Mutual authentication among all components of EVMs such as Ballot Unit, Control Unit and VVPAT and (ii) Automated self-diagnostics. These new features are obviously not so useful if some of the tampered EVMs were supplied by the EVM manufacturers themselves.

Even when the tampering is done at the district level where they are kept in storage, if the machines were to do any such authentication themselves, according to experts a Trojan can be easily designed to clear this self-test. So, these self-authenticating features in the M3 machines may not be of much use to prevent fraud. Therefore, external Authentication Units that can interface with EVMs will ensure greater protection in this regard.

Assuming that the hackers will do hacking of EVMs on a large scale is not a plausible one since a winner with sizeable majority or a loser with huge margin will not venture to hack but only the one who is likely to win or lose with a small or wafer thin margins. Therefore, hacking or tampering of the EVMs is likely to occur only in a limited number of machines and the existing systems and controls as well as the sampling methodology used for determining the number of VVPATs have lot of questions to answer in his regard.

There is a need for an independent technology audit on the functioning of ECI in order to enhance the reliability and credibility of this institution which is a constitutional body and is tasked with the responsibility of conducting the elections of one of the largest democracies in the world.

All political parties in Bharat, without exception at one point or other when they are in opposition or lost the elections, have alleged EVMs have been tampered. This justifies the need for necessary legislative measures to evolve a mechanism for independent technology audit of ECI.

This will only enhance further the image of ECI which has done a credible job so far in conducting the elections by and large smoothly in one of the largest democracies in the world and doing a change over from paper ballots to EVMs.


Did you find this article useful? We’re a non-profit. Make a donation and help pay for our journalism.

About the Author

B.N.V. Parthasarathi
Ex Senior Banker, Management and Financial Consultant, Visiting faculty at premier B Schools and Universities. E mail- [email protected]